Cross Site Scripting (XSS) vulnerabilty exists in BigTree-CMS 4.4.3 in the tag name field found in the Tags page under the General menu via a crafted website name by doing an authenticated POST HTTP request to admin/tags/create.
References
Link | Resource |
---|---|
https://github.com/bigtreecms/BigTree-CMS/issues/364 | Exploit Issue Tracking Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-08-26T17:28:41
Updated: 2021-08-26T17:28:41
Reserved: 2020-08-13T00:00:00
Link: CVE-2020-18467
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-08-26T18:15:07.560
Modified: 2021-08-27T21:11:19.717
Link: CVE-2020-18467
JSON object: View
Redhat Information
No data.
CWE